Overview

overview

8

Static

static

8

d0749b3c46...8d.exe

windows7-x64

8

d0749b3c46...8d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    31s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2022 05:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d0749b3c461b8885b406bb1cc9c5f39a2b2128ca53a337869db9c53365a2b58d.exe

  • Size

    356KB

  • MD5

    5744d2f543b8c827f1f61c440d3c50d0

  • SHA1

    a1d0cd84cce61c13cd5e1e51e0da2b9697399540

  • SHA256

    d0749b3c461b8885b406bb1cc9c5f39a2b2128ca53a337869db9c53365a2b58d

  • SHA512

    238c76662e37f6c3681011c400d222bfda68025097673bf7b15e16c242e43160d043a7321c3d11b42c02d2cc7bb46471ffe5e16d8ab57ed35c6c173da7fa968e

  • SSDEEP

    6144:2GbusJD0EKiUIyA5cq8Fj8xyPo0Xc/IunWs3F11aU8kg9s2dh6bobbeCjg:2GbrB0EnUPAeFN7oUunn71aVksswe2g

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0749b3c461b8885b406bb1cc9c5f39a2b2128ca53a337869db9c53365a2b58d.exe
    "C:\Users\Admin\AppData\Local\Temp\d0749b3c461b8885b406bb1cc9c5f39a2b2128ca53a337869db9c53365a2b58d.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1204-54-0x0000000000CA0000-0x0000000000DAF000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1204-55-0x0000000000CA0000-0x0000000000DAF000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1204-57-0x0000000000CA0000-0x0000000000DAF000-memory.dmp

    Filesize

    1.1MB

    Download